OFFICE OF THE COMPTROLLER AND AUDITOR GENERAL OF INDIA 9, Deen Dayal Upadhyay Marg, New Delhi – 110 124 

 

No.172 ‐Audit (AP)/ 37‐2008 Dated: June 4, 2009 

 

To 

1. All Audit Offices (as per list) 2. DsG, NAAA, Shimla & iCISA, Noida and Heads of all RTIs/RTCs 

 

Sub: Operationalisation of Audit Quality Management Framework for    the Department 

 

Sir/Madam, 

The Comptroller and Auditor General of India (C&AG) has approved an Audit Quality  Management  Framework  (AQMF)  for  Indian  Audit  and  Accounts Department (Annex‐A). This Framework  includes all the elements and  instruments related to them that provide an assurance of quality in the audit function.  

2.  This  Framework  has  been  prepared  in  the  backdrop  of  the  Audit Quality Assurance Guideline brought out by ASOSAI. A Task Force under the then ADAI (RC) went into the extent to which and the manner in which these guidelines should be adopted and implemented in our audit function.  The Task Force felt that adoption of ASOSAI guidelines in their totality may necessitate jettisoning the entire body of standards, manuals & guidelines and other similar  technical guidance  literature  in which  most  of  the  key  elements  of  an  umbrella  framework  for  Audit  Quality Management are already embodied  in one or the other  form. Therefore, the Task Force,  in  its Report,  recommended adoption of an umbrella Framework  for Audit Quality Management (AQMF), which would map various existing Key Instruments to be employed (KIEs) for audit quality assurance viz., the C&AG’s (DPC) Act, Auditing Standards and some of the Manuals and Guidelines  issued by this office, with the main  Audit  Quality  Management  Elements  (QMEs).  The  draft  Audit  Quality Management  Framework  (AQMF)  was,  thereafter,  circulated  for  comments  and duly  amplified  based  on  such  comments  as were  received.    The  purpose  of  this circular  is  to operationalize  the AQMF as ordered by  the Comptroller and Auditor General of India. 

3.  The  Framework  identifies  the  policies,  practices  and  guidance  on  the  five broad  parameters  of  the  quality  management  processes,  viz.  'leadership  and direction', 'human resources management', 'audit  

‐ 2 ‐ 

 

management',  'clients  and  stakeholder  relations'  and  'continuous  improvement'.   Being an evolving document, the quality Framework has been developed  in such a fashion that leaves ample scope for incorporation of the best practices in future and lends  itself  to  continuous  upgradation  in  line  with  the  environment  and technological changes and as new audit methodologies and practices develop.  

4.  All the five broad parameters of quality management processes (referred to in paragraph 3 above) have been further divided into various 'quality management elements'  (QMEs—Annexe‐A‐I).  For  example,  in  the  case  of  parameter  on  'audit management " the QMEs include 'audit planning, 'staffing for audit', 'conducting of audit', 'evidence', 'documentation', 'reporting", etc.  

5.  Each 'quality management element' has been linked to the 'key instruments employed' (KIE) i.e. the reference has been made to Constitution, C&AG’s (DPC) Act, Auditing Standards, Manuals, Guidelines, etc. 

6.  The Operationalization  of AQMF will  involve  issue  of  appropriate  internal instructions  to various Functional Wings and,  in  turn, by each Functional Wing  to  field offices under their control to ensure appropriate customization of the AQMF with  the  specificities  of  each  stream  of  audit,  viz.,  Civil,  Commercial,  Defence, Railway, Revenue, etc. 

7.  During  the  course  of  implementation  of  the  instructions  contained  in subsequent  paragraphs,  a  clear  hierarchy  of  audit  related  literature  will  be established as follows:  

Level I ‐ The Constitutional provisions and the C&AG’s (DPC) Act and Regulations.  

Level II ‐ Standards and generic manuals/guidelines that have been brought out by Audit Wing and have universal application.  

Level‐III  ‐ Supplementary manuals of  instructions and guidance and practice notes that  each  Functional Wing may  bring  out  clearly  drawing  upon  and  expounding upon Level I and II literature/standards.  

Level‐IV  ‐  The  local manuals/circulars/orders which  each  office may  bring  out  to supplement Level III literature.  

8.  Respective  streams  of  audit  like  civil,  defence,  railways,  commercial, revenue,  scientific,  local bodies, etc., as well as  field audit offices are  required  to formulate and/or elaborate  internal  instructions  in accordance with  the principles outlined in the framework, as indicated below. 

 

 

 

‐ 3 ‐ 

 

 

Actionable Point  Action to be taken by 

(i) Audit Wing  at  Headquarters will  correlate the entire generic technical literature, viz. Regulations, Internal  Control  Evaluation  Manual,  Guidelines  for Audit of Public Private Partnership Projects as well as directions  issued  for  various  matters  relating  to procedures  and  practices  of  audit  to  corresponding QMEs and designate the former as KIEs.  

DG (Audit) 

(ii) Each  Functional Wing  at Headquarters will undertake  similar  action  in  so  far  as  manuals, guidelines,  orders,  etc.  issued  by  that  Wing  are concerned.  The  task  will  be  accomplished  by  first consolidating  all  documents,  i.e.  orders,  instructions, circulars,  clarifications,  etc.  and  followed  by  their correlation  with  corresponding  KIEs  i.e.  manuals, guidelines, regulations, C&AG's  (DPC) Act, as  the case may be.  

DG/PD  in  charge  of  each Functional  Wing  at Headquarters 

(iii) Both manuals/  guidelines  as well  as  other documents will be analyzed and correlated  to various QMEs as shown  in the Annexure  'B' of the AQMF.   As far  as  possible,  circulars/instructions  under  each  'key instrument' of AQMS framework will be identified with financial,  compliance  and  performance  audit  as  the case may be.  

• DG  (Audit)  for Audit Wing; 

• DG/PD  in charge of each Functional Wing at Headquarters  for  their wing 

(iv) The  field  audit  offices  under  each Functional  Wing  will  undertake  similar  action  as indicated  at  (i)  to  (iii)  in  respect  of  their manuals/circulars/instructions, etc.  

Heads  of  Departments  of field audit offices 

- 4 –

(v) After  the  complete  mapping  of  existing manuals, guidelines, circulars, etc. as suggested above has  been  done,  the  following  procedure  will  be followed by all concerned:‐ 

 

• Provisions,  orders,  instructions  in  various KIEs  i.e.  Regulations,  manuals,  guidelines  and  other documents that are incongruent or contrary to a QME will be identified for weeding out/deletion.  

 

 

 

• Gaps  will  be  identified  in  the  available literature  i.e.  manuals,  guidelines  and  other documents  to  the  extent  the  KIEs  are  silent  or inadequate  in matching  up  to  the  standards,  clarity and comprehensiveness implicit in each QME.  

 

• Appropriate  amplifications,  revision, concordance  or  merger  of  existing  KIEs  will  be proposed  to  fill  the gaps  identified and  to  rationalize the entire AQM Framework as it exists.  

• DG  (Audit)  for Audit  Wing  (generic Manuals  and  instructions issued by DG (Audit)); 

 

• DG/PD  in charge of each Functional Wing at Headquarters  for  their wing  (for  their  functional Manuals  and  instructions issued by their wings) 

 

• Heads  of Departments of field audit offices 

 

 

9.  While reviewing, reformulating and integrating all technical literature in the above manner, parentage and grand parentage of each manual, guidance/ practice notes, circulars/  instructions will be clearly delineated against  the higher  levels of literature/standards as indicated in paragraph 7 above.  

 

10.  The  instructions  on  audit matters  should  be  consolidated,  compiled,  and printed/issued in the following manner. 

 

 

‐ 5 ‐ 

 

(i) All  the  instructions on  audit matters  issued by different Functional Wings  in HQs  (Level‐III  literature) and by  the  field  offices  should  be  consolidated  annually  in manual  or  electronic  form  and  compiled  in  accordance with  the broad elements of  the AQMS Framework. These will then be printed/ issued annually as supplements to the main manuals/guidelines so issued and circulated to all the concerned  Functional  Wings/field  offices.  In  the supplements, to be brought out as a series (I, II, III) till the main Manual itself is updated/ revised, the material will be arranged with  reference  to  the QMEs  of  the  Framework. This  exercise  will  also  render  revision/updating  of  the manuals/ guidelines very easy.  

• DG/PD  in charge  of  each Functional  Wing  at Headquarters  for their  wing  (for  their functional  Manuals and  instructions issued by their wings);

• Heads  of Departments  of  field audit offices 

 

(ii) The  field  offices will  do  like‐wise  in  respect  of Level‐IV literature every year 

Heads  of Departments  of  field audit offices  

(iii) The  Audit Wing will  do  like‐wise  in  respect  of Level‐II literature, if necessary, every 2/3 years. 

DG  (Audit)  for Level‐II literature 

 

11.  Change  in  a  KIE  should  be  made  or  a  clarification  issued  only  by  the authority that has brought  it out  in the first place. Also, no change  in a KIE should be  in  conflict  with  a  corresponding  KIE  of  higher  level.  Thus,  where  a  change constitutes a deviation  from a  standard or a generic manual/guidelines  issued by Audit Wing, no circular, etc., for effecting such a change should be  issued without the concurrence with the Audit Wing.  

12.  As far as possible, all future changes or revisions in manuals/ guidelines, etc. should  be  communicated  by  the  authority  that  has  issued  the  original manuals, guidelines, etc. through correction slips only ‐ instead of through random circulars, instructions, etc. 

13.  The  action  required  as  per  paragraph  8  above may  be  completed  by  31st March, 2010 by Audit Wing and the Functional Wings at Headquarters Office and by 30th  September,  2010  by  all  field  audit  offices.    For  the  purpose  of  ensuring adherence to this target date, the Functional Wings and field offices are requested to  draw  out  a  plan  of  action  with  definite  time  lines.    Any  additional  human resources  if  required  for  this  purpose may  be  carefully  identified  and  assigned exclusively  for  the  task,  from  within  the  existing  staff.    At  Headquarters,  the required staff complement may be drawn, if necessary, on a temporary basis from respective field offices in consultation with PD (Staff). 

 

 

‐ 6 ‐ 

14.  Progress  Reports  on  the  above  may  be  sent  to  DG  (Audit)  by  all  the Functional Wings at Headquarters and  field audit offices within 15 days after  the end of  every quarter starting from 1st July, 2009, i.e., the first progress report may be sent by 15th October, 2009. 

 Encl. As above. 

  Yours faithfully 

  

(BB Pandit)           Director General (Audit) 

   No.  173  –Audit(AP)/37‐2008                                 Dated: June 4, 2009  

 

1. All DAIs/ADAIs 2. All DsG/PDs/Directors at Headquarters 3. Secretary to C&AG

 (BB Pandit) 

          Director General (Audit) 

1

Annexure ‘A’ Audit Quality Management Framework

Introduction 1. The process of managing audit quality is a means of ensuring that audit is planned efficiently, executed effectively, and that the audit product meets the benchmarks of the department and the needs of clients and stake holders. This guide attempts to list out, in a generic manner, steps to be taken at different stages of the audit process so as to ensure quality in audit. Building these aspects into the audit cycle at all stages and all levels would enable us to move from an emphasis on quality control of an individual audit product to one of continuous quality assurance. The broad objectives of quality assurance are to ensure that:

• Controls are in place at all stages of the audit cycle including planning, execution, reporting and follow up

• Controls are properly implemented • In built mechanism to constantly review and update the controls exists.

2. While the framework brings out various measures required to ensure quality control and assurance in audit, this has to be read with and supplemented by auditing standards, existing audit manuals, guidelines and instructions to have a complete and exhaustive description of auditing principles, processes and practices followed in different streams of audit across the department. Respective wings/streams of audit like civil, defence, revenue, commercial, railways, scientific, etc. may formulate internal instructions in accordance with the principles outlined in the framework and consistent with auditing standards, existing audit manuals, guidelines, etc. Being an evolving document, the framework lends itself to continuous upgradation in line with the technological changes and development of new methodologies and practices. 3. ‘Audit Quality Management Framework’ governing the SAI should generally consist of the five major elements of ‘leadership and direction’, ‘human resources management’, ‘audit management’, ‘client and stakeholder relations’ and ‘continuous improvement’. In public audit, quality management involves a system composed of the audit organisation, the auditors and the audit process, all working together to produce outputs that fulfil the requirements of its stakeholders and the general public. Continuous improvement in the quality of audit by focusing on the needs of clients and stakeholders is the underlying principle behind the audit quality management system or framework. It is essential that SAI should have quality management policies & procedures in place and should ensure that these policies and procedures are subject to a review mechanism. 4. The present framework attempts to concentrate largely on measures and procedures carried out within the audit process that would provide a reasonable assurance about the quality of audit work and the results of audit. It covers all audit products and results of audit from audit notes, inspection reports and management letters to audit reports sent to the government and finally presented to legislature. The framework or the basic structure also includes quality practices and measures to be followed in all audits conducted by the department: financial audit, compliance audit and

2

performance audit. The framework would apply to all streams/branches of audit in the Department – civil, commercial, defence, revenue, railways, scientific, posts and telecommunications, local bodies, etc. 5. The framework is divided into two broad sections: I-Audit Planning, Execution, Reporting and Follow-up’ and II-Continuous Improvement through Technical inspection, Peer Review and Lessons Learnt Process”. I-Audit Planning, Execution, Reporting and Follow-up Audit Planning 6. Audit planning is expected to be strategic in that it fits into the long term and short term goals of audit. These goals would need to be identified and framed in consonance with the overall “Vision and Mission statement” of the Department, and be in line with the specific targets and goals of individual wings/offices. Within the strategic plan for audit, an annual operational plan for all audits to be conducted in a financial year is drawn up in the field offices. The annual audit planning broadly comprises of risk assessment, selection of units, assignment planning, etc. The quality measures, procedures and practices set out below are related to operational plan for all audits and planning for individual audit assignments. (i) Electronic database of auditee profiles: This is the foundation of audit planning. It is, therefore, important to maintain comprehensive and current information on all entities to be audited so as to target the right units. This database/knowledge repository which should be maintained electronically is to be utilised in a scientific manner by applying tools such as risk assessment techniques to enable an objective and unbiased selection of auditee units. Information available from the VLC database should be used for audit planning as also data from various e-governance initiatives undertaken by entities. (ii) Materiality and risk assessment: The audit plan should be based on a clear assessment of risk, materiality and priority. The overall significance of the auditee based on factors such as financial size or the effect of its performance on the public at large or issues of national importance would be a major factor in prioritising the audits. These could include previous audit experience, visibility of the subject, auditability of the unit and expected audit impact. (iii) Audit objectives, scope and methodology: Once the selection of auditee unit has been made, specific audit objectives should be drawn up which would govern the manner in which the audit is to be carried out. These could include reporting compliance with rules and procedures, forming an opinion on the financial statements, and assessing the performance of the auditee and its programmes.

The audit objectives along with the risk profile of the auditee, the level of assurance required and available audit personnel would help determine the scope of audit, sample size and the composition of the audit team. Quality at the stage of audit planning can be enhanced by regular interactions between top management and other team members/officers involved in the audit process to ensure that all critical areas have been adequately addressed. Audit methodology should be designed in such a fashion as to provide sufficient, competent and relevant evidence to achieve the objectives of the audit.

3

(iv) Focus on criteria: Audit criteria and evidence required to be gathered are to be decided upon following the audit objectives, and in accordance with the broad parameters laid down at the stage of audit planning. Audit criteria can be broadly defined as a benchmark or a standard to assess the work of the auditee on financial statements, compliance and performance related issues. The audit criteria can be prepared in several forms by establishing certain broad parameters or as a checklist or as a set of questions for examination. (v) Identification of key risk areas and statistical sampling techniques: Key risk areas should be identified for focused attention during the audit and scientifically designed sampling techniques used for determination of sample size. (vi) Scheduling of audit: Allocation of time for the audit of each unit is dependent on the audit scope, manpower availability and other relevant departmental instructions contained in Manuals/guidelines, etc. The actual scheduling of audit should be subject to the mutual convenience of both auditor and auditee. (vii) Training and capacity building: Training of staff should be taken up regularly so as to continuously upgrade skills and keep pace with changes in audit methodologies, techniques and tools. Training activities could include in house training programmes, seminars and workshops as well as on the job training, training at RTIs and for senior officers at NAAA/iCISA. The programmes should be standardised and structured to ensure uniformity and quality, and overall effectiveness of training assessed periodically. It should be ensured that officers trained in a specific area are retained in related audit for a reasonable period. ‘Training Standards’ of the department should be followed for undertaking training activities. ‘Training Needs Analysis’ would help in identifying gaps in knowledge, skills and ability for more focused and purposive training programmes for staff. (viii) Staffing for the audit - skill & knowledge of audit personnel: Domain knowledge of the audit subject is a critical element of the audit quality management framework and the skills and experience of the staff deployed on the audit are expected to be commensurate with the requirements of the task. Offices should maintain an inventory of skills of its audit personnel which would enable them to match the task with required skills. Gap analysis to determine whether all skills required for carrying out the audit are available in-house or can be built up by courses/training programmes in Regional Training Institutes or at higher management levels should be carried out. This is essential to decide on the need for appropriate experts/consultants to advise on key aspects of the audit e.g. selection of sample, issues for examination, audit methodology etc. In the event of deciding to hire experts/consultants, any existing orders or guidelines of the Department should be referred to. (ix) Assignment of personnel: There should be reasonable rotation of assignments of personnel so as to maintain objectivity and independence. It needs to be ensured that audit is carried out in an impartial and fair manner without favour or prejudice. (x) Parameters for distribution of work: Specific parameters for distribution of work amongst the members of audit parties in respect of different streams of audit like Civil, Commercial, Defence and Revenue, etc. needs to be laid down, if not already prescribed,

4

and should be continuously reviewed so that each member of an audit team has to do some original work irrespective of his position in the hierarchy. (xi) Standards formats & checklists: Standard formats and checklists should be developed and used to ensure uniformity and focus in the audit approach. These could include:

a) Preliminary list of documents to be seen; b) Suggested issues for examination; c) Checks to be exercised at different levels; and d) Format for reporting results.

(xii) Provision for supervision and review of audit: Adequate levels of supervision, monitoring and review at different levels, and as prescribed under different standards and guidelines of this department need to be provided in the audit plan so as to ensure that audit objectives are achieved. While supervision involves directing audit staff and monitoring their work during the audit to ensure that the audit objectives are met, review brings more than one more level of experience and judgement to the audit task and generally ensure involvement of higher levels of management with the audit process, including providing an assurance that the work has been carried out as per the standards and guidelines.

The audit plan should be reviewed and approved by the competent authority, with deviations from the approved plan during execution requiring written documentation and approvals. Before approving the audit plan, an exercise may also be conducted to ascertain the areas where inputs from other wings of audit would be required. Suitable mechanism may be evolved to obtain the requisite information from other wings on a timely and regular basis. This may also be reviewed on periodical basis. Existing departmental standards/manuals/guidelines/instructions issued in respect of audit planning need to be kept in mind and complied with. While reviewing and approving the audit plan it should be seen whether the planning process was:

• based on sound judgement; • comprehensive; • provided for suitably experienced staff for audit and supervision; • timely; and • appropriately documented.

Audit Execution 7. The audit execution process broadly includes the following:

• entry conference; • determination of the audit approach; • developing and executing audit tests through evidence gathering,

evaluating evidence, developing audit opinions; • developing findings and ensuring that replies/responses from the

management are received; • developing recommendations; and • exit conference.

5

(i) The audit process begins with a restatement of our understanding of the entity. This requires domain knowledge of the entity, the control framework within which the entity operates, and the external environment. The focus of audit would be on the key risk areas and audit objectives already identified so as to be able to provide higher levels of audit assurance on the functioning of the entity. This may be explained to the head of the auditee unit at the time of entry conference and his/her input obtained. However, the audit team would continue to have the flexibility to examine other risk areas that emerge during the audit, with proper documentation and approvals. (ii) Audit test programmes: Testing of the audit objectives is the task of carrying out a series of procedures and/or activities with reference to the audit criteria already developed, and obtaining relevant and reliable evidence in respect of these procedures/activities during the course of audit. The audit tests are the key link between the audit objectives and criteria and the conduct of an audit leading to credible and objective findings.

Instructions, detailed checklists and formats as contained in the Manuals/guidelines, etc. of the Department or as prepared at the stage of audit planning are to be referred to while framing the audit test programme. Selection of the sample to be tested should be done in a transparent manner, and where possible, with the help of appropriate sampling techniques. The sample drawn should be commensurate with the assurance levels required in the audit. Adequate documentation is required for the method of selection of the sample (e.g. random, judgemental etc.), its size and the audit criteria/objective with which the sample is linked. (iii) Developing audit findings: Audit findings/observations are based on the analysis of information or evidence drawn from the sample for audit, with computer assisted audit techniques and tools (CAATTS) applied wherever possible. Audit evidence should be valid, appropriate, reliable, sufficient, accurate and complete so as to be able to frame audit opinions and draw effective conclusions. The opinion and assessment of the auditor is to be based solely on the analysis of facts. Audit findings and conclusions should be an accurate reflection of actual conditions of the matter being examined. (iv) Documentation and maintenance of working papers: Complete and detailed working papers must be maintained in respect of the audit, appropriately cross referenced and supported by evidence. The working papers should be accurate, clear and relevant and should bring out the inputs made by the different members of the audit team including supervision and review, as determined in the audit plan. The working papers should also include information relating to monitoring / review of the work of a consultant/expert, if any, as outlined in departmental orders or guidelines. (v) Supervision of audit: Supervision could involve assigning of responsibilities, providing guidance, reviewing the work, staying informed about and addressing significant problems, and obtaining periodic feedback. There should be frequent communication with staff so that they all understand their roles and tasks within the overall aim and context of the task assigned. Critical points in the audit programme should be identified to ensure that audit aims are met.

6

(vi) Monitoring & Review of audit operations: Regular monitoring of the work at suitably senior levels would enable anticipation of problems and early intervention with appropriate action and solutions. Improved electronic and online monitoring of the progress of audit and providing guidance and clarification to field parties would substantially improve the quality of audit product. A comprehensive and timely review would also ensure that all conclusions are based on and supported by reliable and sufficient evidence. (vii) Exit Conference: Before the audit is completed, management/auditee responses to the audit findings and observations should be obtained. All connected key documents may also be obtained, especially in respect of important observations which are likely to feature in the audit report. The report should also be discussed in detail with the head of the auditee before concluding the audit programme. Audit Reporting and Follow up 8. The audit product includes all reports/appraisals/comments/opinions/findings that emerge from the audit process and its follow up. All findings should be evaluated in the context of the audit evidence seen, and the response of the auditee. Observations and conclusions are expected to be logical and based on valid audit evidence. The audit report should comment specifically on the audit objectives, scope and methodology and the results of the audit which include finding, conclusion and recommendations. Audit recommendations should be framed in the manner suggested in separate guidelines issued by the Department. The reporting should be in accordance with the ‘Reporting Standards’ of the Department. (i) Reporting for financial and compliance audits: For attestation or certification audit, the auditor’s opinion on a set of financial statements is generally in a concise, standardised format in accordance with standards/orders/guidelines of the Department. Opinions should be appended to and published with the financial statements to which they relate. For compliance audits which are primarily concerned with compliance with laws, regulations and procedures and with probity and propriety of decisions, the reporting and communicating the audit results should be in accordance with the policies, guidelines and instructions of the Department. (ii) Reporting for performance audit: Performance audit is wide-ranging in nature and is more open to judgment and interpretation. For performance audits, the report should be on the economy and efficiency with which resources are used, and the effectiveness with which objectives are achieved. The reporting structure will have to be in accordance with the Performance Auditing Guidelines of the Department. (iii) Characteristics of a good audit report: The audit report should be complete, accurate, objective, convincing, clear and concise. It should contain the audit objectives, scope and methodology and the results of audit which include findings and conclusions, and recommendations where applicable. Special attention is to be given while framing audit comments relating to fraud and corruption, as laid out in departmental instructions on the matter.

7

(iv) Review of audit findings before finalisation of reports: All audit findings should be reviewed at a suitably senior level before audit opinions or reports are finalised. The nature and extent of the review would depend on several factors such as the significance of the work, the risk perception of the auditee, and experience levels of the audit personnel. Review can be done on a concurrent basis when the audit work is going on, at the stage of preparation of audit observations, finalisation of inspection reports, drafting of audit reports and applying quality checks prior to final approval of the audit report. Similarly, a checklist may be prepared in the headquarters section of the field offices to review the Inspection Reports (IRs). The performance of the audit team may be reviewed at the time of finalisation of the IR on the basis of predetermined parameters and placed before the senior management for appropriate action. The results of the review need to be documented in a transparent manner, to be used as feedback into the audit cycle.

Review would include check of the presentation and format, and the technical quality and content of the product. It should ensure that all findings and conclusions are based on and supported by competent, relevant and reasonable evidence. All assertions of audit are to be fully supported by the data gathered during the audit. The documentation of key evidence and its interpretation in audit should clearly establish the manner in which audit conclusions were reached. The review checks whether the audit product is timely, comprehensive, and appropriately documented. Timeliness of the audit result may involve both the meeting of statutory deadlines and the delivering of the audit results when they were needed for a policy decision or to correct systemic weaknesses.

The response of the auditee should also be adequately reflected, and any divergence of opinion should be dealt with clearly. The review is expected to assess the level and quality of the prescribed supervision of the audit, and provide an assurance that the work has been carried out according to standards and guidelines of the Department.

(v) Developing audit recommendations: All performance audits should conclude

with well thought-out recommendations. For developing recommendations, audit should identify the underlying cause(s) of a finding, as this forms the basis for the recommendations. A quality recommendation is one that is:

Action-oriented-properly-directed, specific, convincing, significant, positive in tone and content;

Dealing with underlying causes and should correct the basic cause of the deficiency;

Feasible- and is workable; and

Cost-effective or the benefit to be derived from implementation of the recommendation outweighs the cost for its implementation.

(vi) Inventory of recommendations: A database of audit recommendations should be maintained electronically with appropriate grading for effective monitoring and follow-up of audit recommendations. The database also needs to be updated periodically. (vii) Follow up: Follow-up of the audit output improves the quality and effectiveness of audit by assessing the response of clients and stakeholders to the work performed by audit in terms of results and impact. There should be an assessment of action taken by the auditee in response to audit findings.

8

(viii) Liaison with clients and stakeholders: Follow up includes interaction with the auditee units and in case of audit reports presented to the legislature with legislative committees to ensure adequate attention and prioritisation to important audit findings. This would also help in identifying areas of public significance for future audit. Other stakeholders such as government functionaries, NGOs, and citizens groups should also be engaged in the audit process so as to increase the relevance and usefulness of the audit products. Public awareness of important audit outputs through the use of the media in accordance with the media policy of the department is also important. II - Continuous improvement through Technical inspections, Internal Audit, Peer Review and Lessons learnt Process 9. Post-audit technical inspections, internal audit and peer review are other mechanisms of self-assessment as to whether quality procedures are functioning effectively, and of identification of steps needed to further improve the quality of audit. (i) Lessons learnt process: A system of self-evaluation whereby audit teams may review audit practices through post-audit discussions is an important quality assurance process. The purpose of establishing continuous lessons learnt process is to help ensure consistent quality in audits and improve the department’s processes on a continuing basis. Regular internal discussions would help in taking stock of the audit on several parameters such as:

• Understanding what worked well • Whether the resources assigned to the audit were reasonable • Whether findings/conclusions/recommendations got an appropriate response • Reasons for less successful audits • Scope for improvement, and • How these can be achieved.

(ii) The key messages arising from the lessons learnt should be communicated widely through training, seminars, workshops and guidance. 10. The measures set out above are intended to improve the quality in the audit process. However, these procedures should not curb the initiative and good judgment of the auditor in adapting to particular circumstances. The judgment depends upon the audit task in hand, problems faced during the audit and the auditor’s competence, skill, expertise and professional qualifications, etc. 11. The framework described above incorporates measures and practices which when followed would provide a reasonable assurance that audits are conducted in a manner as to ensure high quality and meet stakeholders’ expectations. The premises set out here are generally drawn from the ASOSAI guidelines on audit quality management systems (AQMS). The ASOSAI audit quality management framework is placed at Annexure – A-1 for additional appreciation.

9

Annexure – ‘A-I’

Key Elements of the SAI’s Audit Quality Management Framework

Quality Management Element

This element should provide assurance that:

Key Instruments employed

Leadership and Direction

1. Tone at the top 2. Vision, Mission, Core Values and Auditing Standards

SAI has appropriate tone-at-the-top policies for SAI top management to ensure that the leadership SAI receives is consistent with the highest professional standards, SAI core values and its vision and mission. SAI has its own vision, mission and core values and auditing standards, which conform to the audit quality management system.

• Strategic Plan of the SAI

• Annual Activity/Performance Report

• Audit Advisory Board

• Auditing Standards of the SAI

• Vision, Mission

Statement and core values

• Strategic Plan • INTOSAI Auditing

Standards • SAI Auditing

Standards 3. Strategic Direction and Planning

The Strategic Plan prescribes the broad contours for medium term progress of the organisation and should help in establishing goals and delineating ownership & responsibility. The plan also incorporates the vision, mission and the core values of the SAI with the objective to improve the quality and impact of audit, to promote excellence in audit and for overall improvement in the quality of governance.

Strategic Planning exercise: vision, mission, values, including SAI top management’s focus areas.

4. Strategic Audit Planning 5. Portfolio and Risk Management

SAI should have in place strategic audit plans defining the goals and objectives to be achieved through audit and the strategic measures to attain them. The SAI undertakes work that is within its jurisdiction and authority to audit and that it

• Strategic Audit Plans of the SAI

• Act governing audit • Other legislation

10

efficiently and effectively manages the risks involved in performing the audit assignment. While planning for audit, SAI has considered all deserving and significant programmes/entities which are vulnerable to risks and /or are seen as important and relevant for review by legislature, the departments and the public.

• Strategic Plan of the SAI

• Strategic Audit Plan for performance and financial audits

• Client survey results • Request by

Stakeholders

Human Resources Management 1. Resourcing & Recruitment

Audit teams possess the required qualifications, collective knowledge of the subject matter, competencies and the auditing proficiency to enable them to carry out the audits and fulfill the audit mandate.

• Auditing Standards relating

to resources and recruitment- Human Resources rules, policies and guidance

• Specific requirements for resourcing & recruitment in the audit manuals on performance and regularity auditing (financial and compliance), audit policies and guidance,

2. Training and Capacity Building

The audit teams designated to carry out the work have adequate technical training and proficiency

• SAI Auditing Standards

relating to Training • Training Plan of the SAI • Human Resources policies

and guidelines • Training policies and

guidelines 3. Performance Management and Appraisal

The staff members receive timely and constructive feedback on their performance and have access to counselling and guidance to manage and develop their careers. Personnel selected for advancement i.e. those who are promoted are competent and fully qualified to fulfill the responsibilities that they will be called upon to assume. Personnel undertake professional development through such means as on-the-job training, self-directed studies, internal and external assignments An evolving learning curricula and development opportunities are maintained for the personal growth in knowledge and experience of the audit staff

• Performance Appraisal System • Human Resources Policies and

Guidance • Counselling, guidance and

monitoring processes • Professional development through

such means as on-the-job training, self-directed studies, internal and external assignments

11

4. Personnel Welfare and Benefits

Personnel wel fare and benef i t measures are in p lace in the organisat ion to mot ivate the staff to give their best

• Personnel Welfare

Policies

Audit Management

1. Audit Planning The work is adequately planned and the audit issues are selected on the basis of risk, their relevance to the SAI’s mandate, significance and auditability. Criteria that are suitable for evaluating the subject matter are identified and developed

• Performance Audit Manual • Financial Audit Manual • Audit Policy instructions

and guidance • Software support tools.

2. Staffing for the Audit Adequate staffing is provided for audit to be conducted efficiently and effectively

• Audit Manuals and Staffing Manuals

• Rules and Regulations governing service, policy instructions

• Manning schedules • Reshuffle/reassignment

policies 3. IT Tools 4. Other tools and guidance

Appropriate IT tools are available in the SAI as a measure of audit quality improvement Appropriate guidance and audit tools and techniques are in place, useful and applied consistently

• Software support tools • Office intranet site • Best Practice Guides • Audit policy instructions and

guidelines 5. Conducting the Audit All Audits are conducted with

due regard for efficiency and economy in terms of time spent and resources utilized and in accordance with the legal mandate, policies and practices of the SAI. The audit teams deliver the audit in time, in accordance with the

• Performance Audit Manual • Regularity (Compliance and

Financial) Audit Manual • Approved Audit Plans –

approved budget and human resources

• Progress Reports • Electronic Tools • Sampling guides

12

SAI’s principles and policies and audit costs are justified.

6. Consultation and advice Consultation is sought from experts and specialists with appropriate competence, skill, knowledge, judgment and authority to ensure due care and authoritative opinion when dealing with unusual, unfamiliar and complex issues.

• Auditing Standards • Performance and Financial

Audit Manuals • Audit Policies, procedures

and guidelines • Subject matter experts, to

provide advice and support • Audit Forum

7. Supervision and review Personnel working in the audit

team receive an appropriate level of leadership and direction so that they are encouraged to perform to their potential and to ensure that audits are properly carried out. Adequate supervision of all audit personnel is provided so as to ensure that audits are properly carried out. All audit work is reviewed by a senior member of the audit staff before the audit opinions or reports are finalized so as to bring more than one level of experience and judgment to the audit task and to ensure that all evaluations and conclusions are soundly based and are supported by competent, relevant and reasonable audit evidence as the foundation for the final audit opinion or report.

• Auditing Standards • Financial and Performance

audit manuals • Audit office policies,

procedures and guidelines • Human Resources policies

and guidance

8. Evidence Sufficient, appropriate, competent and relevant evidence is obtained to provide a reasonable basis to support the conclusion expressed in the report

• Auditing Standards • Financial and Performance

audit manuals • Audit office policies,

procedures and guidelines • Confirmation of findings

resulting from field work with the audited entities

• Review by senior management of SAI of some important reports and conclusions and their rationale

13

• Quality Assurance Review

9. Documentation The system of documentation in the SAI is designed to ensure that all the audit processes are duly recorded and available both for subsequent follow-up as well as for future audits.

• Auditing Standards • Audit Manuals – Financial

and Performance • Audit policies, procedures

and guidelines • Quality assurance review

10.Reporting and follow-up The audit report is relevant, coherent and written in plain and easily understandable language for the readers. There is effective review of all findings, conclusions and recommendations before finalization.

• Auditing Standards • Financial and Performance

Audit Manuals • Review and quality

assurance before issue of the report

• Post-audit quality assurance review

• Follow-up/monitoring of audit recommendations

Client and Stakeholder Relations

1. Communicating audit messages

Post-tabling audit messages are communicated clearly and consistently

• Office policies and instructions on this issue

• Guidance on press releases and response to media enquiries

2. Feedback from clients and stakeholders

Clients and stakeholders perceive information and audit processes as useful

• Tracking of SAI recommendations taken up by the legislature

• Analysis of external communications (media, public enquiries, references in debate)

• Survey of the legislators and government officials on the audit reports and whether they have perceived them as useful

3. Relationship between legislative committees and SAI

Effective and productive relationship exists between PAC and the SAI as regards consideration of the audit reports by the PAC. The examinations by the legislative Committees are intended to focus public attention on the audit findings and to point to the directions in which corrective action lies at present and where care is needed

• PAC discussions of the audit reports

• PAC reports – recommendations of the PAC

• SAI’s analysis of the scrutiny of the report by PAC

14

Continuous improvement 1. Internal Audit 2. Internal quality assurance review

An effective internal audit system exists in the SAI to assist the audit organisation to achieve effective management of its operations, sustain the quality of its performance & ensure compliance with internal control policies and procedures with the SAI. An effective internal quality assurance review mechanism exists to provide feedback on the effectiveness of the individual engagements for financial and performance audits as to whether they are performed in terms of applicable standards, policies and guidance and meet expected quality requirements.

• Auditing Standards • Internal audit

manual, policies and guidelines

• Action taken within the SAI on the internal audit reports

• Auditing Standards • Internal quality

assurance manual, policies and guidelines

• Action taken within the SAI on the internal quality assurance review reports

3. Peer Review As part of monitoring and review of its own operations, an SAI may need to further strengthen and improve the internal audit and internal quality assurance mechanisms. Independent peer review of the SAI’s operations is an international best practice. It is left to the discretion and judgement of the concerned SAI to implement this practice in the manner the SAI considers it appropriate within the framework of the existing laws and conventions in the SAI and

• Peer review reports • SAI’s policy and

programme on peer review of the audit practices

• Action taken on the Peer Review Report

15

the specific environment in which it functions.

4. Self-evaluation/ Lessons learnt

Audit experience is assessed and opportunities for improvement are identified and implemented

• Lessons learnt philosophy

• Survey instruments

16

Annexure ‘B’ SAI India

Audit Quality Management System – Mapping of Guidelines

Para-meters Quality Management Element Key Instrument employed Reference Tone at the top Constitution of India

CAG’s DPC Act Article 148-151 of the Constitution of India

Vision, Mission, Core Values and Auditing Standards

MSO (Audit) Performance Audit guidelines Auditing Standards

Chapter-I of Section II Chapter-I of PA guidelines Chapter-I of Auditing Standards

Strategic Direction and Planning MSO (Audit) Performance Audit guidelines Auditing Standards

Chapter-I of Section II Para – 2.1.25 Chapter-II of P.A. guidelines Para-4, Chapter-III of Auditing Standards

Strategic Audit Planning -do- -do-

Leadership and Direction

Portfolio and Risk Management Risk analysis – ADAI (RS)’s order ADAI (RS)’s DO letter No. 1127/Rep (S)/138-2002 Dated 4.10.2002 addressed to all PAsG/AsG along with Proforma for Audit Plan

Resourcing and Recruitment MSO (Admn.) Vol. I MSO (Admn.) Vol. III

Para-3.1-IA&AS, 4.1, 4.8, 4.10, 4.12-Gr.B Officers including Sr. PA, 5.4-Section Officer 6.2-Clerical staff, Para -7.2-7.6-Divisional Accountants, and Para-8.4-Gr.D. Details recruitment procedure.

Training and Capacity Building MSO (Admn.) Vol. I Training Manual

Para-3.3-IA&AS, 6.3-Clerical staff, 7.7-Divisional Accountants. Chapter-I of Training Manual

Performance Management and Appraisal

MSO (Admn.) Vol. I

Para-3.30-IA&AS, 10.11-Gr. B to Gr. D officials

Human Resources Management

Personnel Welfare and Benefits Orders of DOPT, Ministry of Personnel, Public Grievances and Pensions, Government of India

Orders issued from time to time

17

Audit Planning MSO (Audit) Performance Audit guidelines

Para-2.1.25 page 19 Chapter-2 Strategic Planning and selection of subjects Chapter-3 and 4 of PA guidelines

Staffing for the Audit OAD manual of respective field offices

IT Tools IT Audit Manual Software support tools-IDEA-5

Other tools and guidance Manuals for each wing/office Conducting the Audit MSO (Audit), Manuals relating to

each wing Section-II to VI of MSO (Audit)

Consultation and advice Orders issued from time to time Supervision and review Auditing Standards

Performance Audit guidelines Chapter-III of Auditing Standards Chapter-7 of P.A. guidelines

Evidence MSO (Audit) Performance Audit guidelines

Para-2.1.10- Audit Evidence Chapter-8 of PA guidelines

Documentation Performance Audit guidelines Chapter-5 of PA guidelines

Audit Management

Reporting and follow-up MSO (Audit) Auditing Standards

Chapter-4 of Section-VII Chapter-IV of Auditing Standards

Communicating audit messages MSO (Audit)

Chapter-4 of Section-VII

Feedback from clients and stakeholders

MSO (Audit)

Chapter-4 of Section-VII

Client and Stakeholder Relations

Relationship between legislative committee and SAI

MSO (Audit)

Chapter-4 of Section-VII

Internal Audit MSO (Audit)/ MSO (Audit) Vol. I

Section-III of Chapter-24 Para 1.17 of Chapter-I

Continuous Improvement

Internal quality assurance review Director General (Inspection, O/o the CAG of India)

18

Peer review Conducting of Peer Review was recommended in AG’s conference in 2003. It was approved by CAG in the file of Inspection wing in March 2004.

Manual is under preparation

Self-evaluation/Lessons learnt Reports of Internal Audit, Inspection by DG., Peer Review and Important points circulated by DI Inspection